// Authentication Manager - Definition of in-core authentication thing
// Copyright 2004 (C) Ralph Thomas

#ifndef AUTHENTICATION_MANAGER_H
#define AUTHENTICATION_MANAGER_H

#include <util/string.h>
#include <model/internal/url.h>
#include <model/model.h>

namespace model {
	//
	/// The authenticationManager class will give passwords out to
	/// models for usernames and URLs (or just URLs, if the username
	/// is also unknown).
	///
	/// The authenticationManager is NOT exposed via a message interface
	/// and the idea is that it shouldn't be. It is ONLY visible to models
	/// and models SHOULD NOT report passwords back to the user.
	///
	/// The authenticationManager is the ONLY thing which is allowed to
	/// store passwords in the mission software. Sometimes (if it doesn't
	/// know a password) it might ask the user for the password - it does
	/// this using it's own GUI (which might have a special window border
	/// or something).
	///
	/// The reason for all of this is that client code should NEVER EVER
	/// EVER EVER ask the user for a password, or even KNOW a password, or
	/// even know if a password is used for some URL.
	//
	class authenticationManager {
	  public:
		//
		/// The account class contains all the information required to
		/// log into some account.
		//
		class account {
		  public:
			util::string username;	///< The account username
			util::string password;	///< The account password
			//
			// Equality operator.
			//
			bool operator==(const account& rhs) const {
				if( username != rhs.username ) return false;
				if( password != rhs.password ) return false;
				return true;
			}
		};
		//
		// void getAccountInfo( util::string token, model* m, win )
		//
		/// Extract the account information (either from the user or
		/// from cache) and return it to the model by calling
		/// the model::action( kAuthenticate, account ) method. This
		/// function might be asynchronous, in which case it will
		/// retain the model before returning (to ensure that it never
		/// calls into a deleted model).
		///
		/// There is no guaruntee that the authenticationManager will
		/// ever get back to the model -- the user may never enter
		/// the authentication information.
		///
		/// Note that the authenticationManager does no verification
		/// to make sure that this account information is correct.
		///
		/// \param	token	a unique identifier for this login
		///			domain (so, a username or account
		///			name merged with a URL typically).
		///			
		/// \param	m	the model to report the authentication
		///			information to.
		//
		static void getAccountInfo( util::string token, model* m );
	};
};

#endif

